This invention relates to security mechanisms for computer systems. More specifically, the invention is concerned with a means for controlling access to files and other objects so as to protect the data from access by unauthorised programs and to allow the confidentiality and integrity of data residing in the system to be maintained.
Many computer systems, including enhanced security versions of UNIX (UNIX is a trade mark of Unix System Laboratories Inc), permit access to files and similar objects to be controlled by associating with each file a list of the users (and/or groups of users) who are allowed to access the file, together with the types of access permitted to each. This list is an example of an Access Control List (ACL). For example, a file might have associated with it the ACL:
    jo:     rwx
    alex:
    chris:  x
    *:      r-x
indicating that jo is permitted to read, write or execute the file; alex is not permitted to access it at all; chris is permitted only to execute it; and everyone else (the * entry) is permitted to read and execute it.
Each file also has an owner, who is the only user that is allowed to change the ACL.
Several years ago a seminal paper was published on access control in commercial systems (A Comparison of Commercial and Military Security Policies, Clark & Wilson, IEEE Oakland Conference on Security and Privacy, 1987). A premise of the paper is that access control in commercial systems needs to be based not only on the identity of the user requesting the action, but also on the identity of the program which is acting on the user's behalf to access the data.
An object of the present invention is to provide an improved security mechanism for a computer system. This mechanism builds on the above proposal to provide support for application implemented security policies via access control based on the identity of the program.
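The following is an added illustration, not code from the patent or any product it describes: a small evaluator for the user-based ACL shown above, extended with an optional program-identity entry in the spirit of the Clark and Wilson premise. The textual ACL syntax, the "user@program" form of a program-qualified entry, and the precedence rule (a program-qualified entry for the user beats a plain user entry, which beats the "*" fallback; an explicit entry with no permissions denies all access) are assumptions of this example, not the mechanism claimed by the invention.

```python
# Added example: evaluate a UNIX-style ACL, optionally taking into account
# the identity of the program acting on the user's behalf.
# ACL syntax, "@program" qualifier and precedence rules are assumptions.

# Constructed ACL: the one quoted in the description above.
ACL_TEXT = """
jo: rwx
alex:
chris: x
*: r-x
"""

# Constructed ACL with program-qualified entries (assumed syntax):
# jo may read and write only when acting through "payroll",
# may read through any other program, and everyone else is denied.
PROGRAM_ACL_TEXT = """
jo@payroll: rw
jo: r
*: ---
"""


def parse_acl(text):
    """Parse 'principal: perms' lines into a list of (principal, set_of_perms).

    A '-' in the permission string is a placeholder and is ignored, so
    'r-x' becomes {'r', 'x'} and an empty or '---' entry becomes set().
    """
    entries = []
    for raw in text.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        principal, _, perms = line.partition(":")
        entries.append((principal.strip(), set(perms.strip().replace("-", ""))))
    return entries


def _match_rank(principal, user, program):
    """Return a specificity rank (lower is more specific) if the entry
    applies to (user, program), else None.

    rank 0: user@program   rank 1: user   rank 2: *@program   rank 3: *
    """
    name, _, prog = principal.partition("@")
    if name not in (user, "*"):
        return None
    if prog and prog != program:
        return None
    return (0 if name == user else 2) + (0 if prog else 1)


def check_access(acl, user, mode, program=None):
    """Return True if `user` (acting via `program`, if given) may perform
    `mode`, one of 'r', 'w', 'x'. The most specific matching entry decides;
    no matching entry means access is denied."""
    best = None
    for principal, perms in acl:
        rank = _match_rank(principal, user, program)
        if rank is not None and (best is None or rank < best[0]):
            best = (rank, perms)
    return best is not None and mode in best[1]


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for user, mode in (("jo", "w"), ("alex", "r"), ("chris", "x"), ("pat", "w")):
        print(f"{user:6} {mode}: {'allow' if check_access(acl, user, mode) else 'deny'}")
    pacl = parse_acl(PROGRAM_ACL_TEXT)
    print("jo via payroll, w:", check_access(pacl, "jo", "w", program="payroll"))
    print("jo via editor,  w:", check_access(pacl, "jo", "w", program="editor"))
```

Note that the explicit empty entry for alex denies access even though the "*" entry would otherwise grant read and execute: an explicit match is more specific than the wildcard and so wins, which is exactly the behaviour the description attributes to the example ACL.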